Security Advisory: NSA, ASD Release Information for Mitigating Web Shell Malware
Situation
The NSA (U.S. National Security Agency) and ASD (Australian Signals Directorate) have released a Cybersecurity Information Sheet to help detect and mitigate web shell malware. Cybercriminals are increasingly deploying web shells on web servers to gain access to networks and their data.
Problem
Web shell attacks on web servers are increasing sharply; attackers use them to gain access to and compromise internal network devices and systems, and to gather and exfiltrate data from those systems.
Implication
If web services and servers are not secured and audited, they present a large attack surface for cyber criminals seeking to gather data, gain access to the servers or internal networks, or exfiltrate customer information.
Need
We recommend auditing servers, applications, and processes as a starting point; advanced anti-virus/firewall software can help with this, alongside keeping software and system patches up to date. However, we recommend reading the full NSA/ASD write-up to fully understand how to protect your environment.
For more information please visit the link below.
https://media.defense.gov/2020/Apr/22/2002285959/-1/-1/0/DETECT%20AND%20PREVENT%20WEB%20SHELL%20MALWARE.PDF
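One concrete way to audit a web server for web shells is to hash every file under the document root against a known-good baseline and report anything new or changed. The script below is an added example, not part of the NSA/ASD sheet or this advisory; the baseline file format and the constructed sample web root are assumptions.

```python
"""Baseline-based audit of a web root for unexpected file changes.

Web shells are usually dropped as new or modified files under the web
server's document root, so hashing every file and diffing against a
known-good baseline surfaces them. Baseline format is an assumption.
"""
import hashlib
import json
import os
import tempfile


def hash_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests


def save_baseline(root, path):
    """Record the current state of root as the known-good baseline."""
    with open(path, "w") as fh:
        json.dump(hash_tree(root), fh, indent=1, sort_keys=True)


def compare_to_baseline(root, baseline_path):
    """Return (added, modified, removed) relative to the saved baseline.

    'added' is the most interesting set when hunting web shells: a script
    the deployment never contained should not be sitting in the web root.
    """
    with open(baseline_path) as fh:
        baseline = json.load(fh)
    current = hash_tree(root)
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return added, modified, removed


def demo():
    """Constructed sample: baseline a web root, then add and modify files."""
    work = tempfile.mkdtemp()
    root = os.path.join(work, "www")
    os.makedirs(root)
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html></html>")
    baseline = os.path.join(work, "baseline.json")
    save_baseline(root, baseline)
    with open(os.path.join(root, "upload.php"), "w") as fh:
        fh.write("<?php echo 'constructed placeholder'; ?>")  # not a real web shell
    with open(os.path.join(root, "index.html"), "a") as fh:
        fh.write("<!-- changed -->")
    return compare_to_baseline(root, baseline)
```

Run the baseline step from a clean deployment and re-run the comparison on a schedule; a new script file in the web root is a finding worth triaging immediately.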
_______________________________
Security Advisory: Microsoft vulnerabilities found in Autodesk FBX Library in Office and Paint 3D applications.
Situation
Microsoft has released security updates to patch vulnerabilities in products that use the Autodesk FBX library, such as Microsoft Office 2016, Office 2019, Office 365 ProPlus, and Paint 3D.
Problem
A remote attacker could exploit the vulnerabilities in unpatched software to take control of the affected system.
Implication
Systems with these applications left unpatched remain vulnerable and risk being remotely compromised and controlled.
Need
We recommend updating your systems and applications regularly to ensure system stability and security. For these vulnerabilities, Microsoft has released a support page with links to the needed updates. Please review your software and install all needed patches.
See Microsoft's ADV200004 advisory for more information and patches:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004
US-CERT article about these vulnerabilities.
_______________________________
Security Advisory: IC3 Releases Alert on Extortion Email Scams
Situation
The Internet Crime Complaint Center (IC3) has released an alert about an increase in extortion scam emails, in which cyber criminals threaten to release sexually explicit photos or videos, or other sensitive information about the recipient, unless the victim pays or, in some cases, provides further access, depending on the criminals' goals.
Problem
Cyber criminals are using extortion emails to obtain money, access, and information by threatening to release explicit photos, videos, or other information about their victims.
Implication
Cyber criminals search for sensitive data posted online, or pretend to have found such data, in order to extort payment, additional sensitive information, or access from users.
Need
Avoid opening or responding to such emails and mark them as spam. Do not store sensitive photos online or on mobile devices, do not provide personal information in emails, and never open or download attachments in emails. You can also report scam emails to the FBI at IC3.gov.
For additional information please read the article below.
https://www.ic3.gov/media/2020/200420.aspx
________________________________
Security Advisory: OpenSSL 1.1.1
Situation
The OpenSSL Project has released a security update that patches a high-severity vulnerability affecting OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f. The vulnerability does not affect OpenSSL versions prior to 1.1.1d.
Problem
Client or server applications that call the function SSL_check_chain() either during or after a TLS 1.3 handshake may crash with a NULL pointer dereference. The dereference occurs when an invalid or unrecognized signature algorithm is received from the peer.
Implication
A remote attacker or peer could craft a malicious TLS 1.3 handshake against an application using OpenSSL, resulting in a denial of service.
Need
All affected OpenSSL 1.1.1 users are strongly recommended to update to OpenSSL 1.1.1g.
Additional information
https://www.openssl.org/news/secadv/20200421.txt
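To find hosts that still need the 1.1.1g update, the first step is classifying the version banner that `openssl version` or a linked application reports. The script below is an added example, not part of the OpenSSL advisory; it applies the affected range stated above (1.1.1d through 1.1.1f) and assumes upstream version letters, which do not reflect distribution backports.

```python
"""Classify an OpenSSL version banner against the SSL_check_chain()
NULL dereference advisory (affected: 1.1.1d, 1.1.1e, 1.1.1f; fixed: 1.1.1g).

Input is the banner text from `openssl version` or Python's own
ssl.OPENSSL_VERSION, e.g. "OpenSSL 1.1.1f  31 Mar 2020".
"""
import re
import ssl

AFFECTED = {"1.1.1d", "1.1.1e", "1.1.1f"}  # from the advisory
FIXED_LETTER = "g"                          # 1.1.1g carries the fix

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(banner):
    """Return (base, letter) from an OpenSSL banner, or None if it is not OpenSSL."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return m.group(1), m.group(2)


def assess(banner):
    """Return 'affected', 'fixed', 'not affected' or 'unknown' for a banner.

    Caveat: distributions often backport the fix without bumping the letter
    (a patched build may still say 1.1.1f), so treat 'affected' as a lead to
    confirm against the package changelog, not as proof of exposure.
    """
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"
    base, letter = parsed
    if base + letter in AFFECTED:
        return "affected"
    if base != "1.1.1":
        return "not affected"  # other branches are outside this advisory's scope
    # Remaining 1.1.1 releases: letters before 'd' predate the bug; 'g' and later are fixed.
    return "fixed" if letter >= FIXED_LETTER else "not affected"


def local_openssl_status():
    """Assess the OpenSSL library this Python interpreter is linked against."""
    return ssl.OPENSSL_VERSION, assess(ssl.OPENSSL_VERSION)
```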
________________________________
Security Advisory: Google Releases Security Update for Chrome (version 81.0.4044.122)
Situation
Google has released a security update for the Chrome browser on Windows, Mac, and Linux, patching 8 security flaws.
Problem
Google has patched multiple high-severity CVEs but has not yet published their details.
Implication
Google has not listed all 8 CVEs, but those published include:
CVE-2020-6459
CVE-2020-6460 (Insufficient data validation)
CVE-2020-6458 (Out-of-bounds read and write in PDFium)
Need
Chrome downloads updates automatically but must be restarted for them to be applied. Manually apply the patch to bring your version up to 81.0.4044.122 or later.